Diffstat (limited to 'sys/net/pfkeyv2_parsemessage.c')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c23
1 files changed, 19 insertions, 4 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 3b8b8441b9e..cb512f5d017 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -60,6 +60,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define BITMAP_X_SA2 (1 << SADB_X_EXT_SA2)
#define BITMAP_X_DST2 (1 << SADB_X_EXT_DST2)
#define BITMAP_X_POLICY (1 << SADB_X_EXT_POLICY)
+#define BITMAP_X_CREDENTIALS (1 << SADB_X_EXT_CREDENTIALS)
uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
{
@@ -68,9 +69,9 @@ uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
/* GETSPI */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS,
/* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS,
/* DELETE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* GET */
@@ -140,9 +141,9 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* GETSPI */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS,
/* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS,
/* DELETE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* GET */
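Review bot: The UPDATE and ADD rows of `sadb_exts_allowed_out` now permit `BITMAP_X_CREDENTIALS`, although these same rows omit the `BITMAP_KEY` that the inbound rows allow, which suggests replies are meant to carry less than the request did. Whether credential data may be echoed to every recipient of an outbound message is not visible on this page, so it should be confirmed and recorded. A comment above the two rows would do, for example `/* credentials are echoed back; unlike keys they are not treated as secret */`, if that is the intent. If the payload can contain anything sensitive, the outbound rows should stay as they were and only the inbound table should change.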
@@ -417,6 +418,20 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
return EINVAL;
}
break;
+ case SADB_X_EXT_CREDENTIALS:
+ {
+ struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+
+ if (i < sizeof(struct sadb_cred))
+ return EINVAL;
+
+ if (sadb_cred->sadb_cred_type > SADB_CREDTYPE_MAX)
+ return EINVAL;
+
+ if (sadb_cred->sadb_cred_reserved)
+ return EINVAL;
+ }
+ break;
case SADB_EXT_IDENTITY_SRC:
case SADB_EXT_IDENTITY_DST:
{
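Review bot: The new `SADB_X_EXT_CREDENTIALS` case checks only the fixed `struct sadb_cred` header, so the credential bytes that follow it pass through the parser unexamined and every consumer has to derive their length from the extension length. A comment in the case should say so, for example `/* Only the header is validated; the payload is i - sizeof(struct sadb_cred) opaque bytes. */`. The test `i < sizeof(struct sadb_cred)` compares `i` against a `size_t`; the declaration of `i` is outside this hunk, but if it is a signed int the comparison happens in unsigned arithmetic, so it is worth confirming `i` cannot be negative here. Only the upper bound of `sadb_cred_type` is tested, so if type 0 is reserved in the header definitions (not shown here) it should be rejected as well. `pfkeyv2_parsemessage` begins and ends outside the hunk.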